DETAILED ACTION 

1. Claims 1-7 and 9-20 are pending. The Examiner acknowledges amended claims 
1, 18, and 20 and cancelled claim 8. 

2. The Examiner notes that the Office indeed had reopened prosecution to enter a 
new ground of rejection, see Non-Final Office action, mailed 08 April 2008, responsive 
to a Notice of Appeal, filed 12 March 2008. 

Response to Remarks/Argument 

3. Applicant's arguments filed 08 July 2008 have been fully considered but they are 
not persuasive for the reasons set forth below. 

Applicant argues: 

(1) "It is believed that the limitations of claims 1, 18, and 20 as amended are not 
met by the collective teachings of the allegedly admitted prior art in view of Cheriton and 
Buia." 

The Examiner disagrees and has addressed the argument in the rejection below. 

Hence, the Applicant's arguments do not distinguish the claimed invention 
over the prior art of record. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Applicant's Admission of Prior Art (Pub. No. 2005/0114655 A1), hereinafter AAPA, in 
view of Cheriton (USPN 7,149,216), hereinafter Cheriton, and further in view of Buia et 
al. (USPN 2004/0078683 A1), hereinafter Buia. 

a. Per claim 1, AAPA discloses a method of generating a representation of 
an access control list (See pg. 1 paragraph [0003] where routers or switches 
typically utilize ACLs.), the representation being utilizable in a processor (See pg. 1 
paragraph [0004] where network processors are used.), the method comprising the 
steps of: 

determining a plurality of rules of the access control list, each of at least a subset 
of the rules having a plurality of fields and a corresponding action (See page 1 
paragraph [0003] where an ACL generally comprises a set of rules, the rules 
having fields and corresponding actions.). 

AAPA does not explicitly disclose processing the rules to generate a multi-level 
tree representation of the access control list, each of one or more of the levels of the 
tree representation being associated with a corresponding one of the fields; and 
wherein at least one level of the tree representation comprises a plurality of nodes. 

However, Cheriton discloses the ACL having rules compiled into an ACL-M-trie 
Plus data structure having multiple levels, and each level having a plurality of nodes 
being associated with fields, the fields including source and destination addresses (See 
col. 2 lines 15-18 and 35-37, and col. 4 lines 5-9 where M-trie Plus data structure is 
a multi-level tree.). Cheriton also discloses wherein for each level of the tree 
representation that corresponds to a field of a rule of the access control list (See 
Cheriton col. 4 lines 35-41 where first and second levels corresponding to fields 
including source and destination address.), a master list of nodes is maintained, 
each node comprising at least one of information characterizing one or more field 
values associated with that node (See Cheriton col. 3 lines 53-67 where extended 
ACL List is master list.), one or more subtree pointers for that node, and a reference 
count indicating how many ancestor nodes are pointing to that node (See Cheriton col. 
3 lines 46-51 where oppointer includes pointers for a node and opcode; i.e. 
subtree pointers and a reference count.). Cheriton also discloses wherein the tree 
representation is generated by sequentially processing the rules of the access control 
list, the processing for a given rule comprising applying values of fields of the given rule 
to one or more existing nodes of the tree representation (See col.1 lines 55-59 and 
col. 2 lines 15-19 of Cheriton for access control list processing.), and wherein 
when a particular value of a field of the given rule is applied to a given node (See col. 2 
lines 35-43 where sequence of nodes have applied source and destination 
address values, see col. 4 lines 5-9.). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art of generating Access Control Lists (ACLs) (AAPA) to generate a multi- 
level tree representation of the access control list as taught by Cheriton. The motivation 
would have been to provide a faster way of traversing the ACL due to earlier methods 
being relatively slow (See col. 1 lines 39-46 of Cheriton.). 

AAPA in view of Cheriton does not explicitly disclose that with two or more of the 
nodes of a level having a common subtree, the tree representation including only a 
single copy of that subtree; the subtree comprising at least one node that is not a leaf 
node of the tree representation; the tree representation being characterizable as a 
directed graph in which each of the two nodes having the common subtree points to the 
single copy of the common subtree and a copy is made of the node, the field value is 
applied to the copied node, and the resultant updated node is added to the master list of 
the corresponding level. 

However, Buia discloses two or more of the nodes of a level of a tree in a 
directed graph representation having a common subtree pointing to a single copy of the 
common subtree comprising at least one node that is not a leaf node of the tree (See 
Fig. 7B where two nodes 'FAULT A' and 'FAULT F' have common subtree at node 
'FAULT C' where node 'FAULT C' of the common subtree is not a leaf node and 
the subtree is the only copy in the tree representation. The tree representation is 
characterized as a directed graph.). Buia discloses a copy is made of the node, the 
field value is applied to the copied node, and the resultant updated node is added to the 
master list of the corresponding level (See pg. 8 paragraph [0099] Buia teaches 
creating copy of node.). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art of generating Access Control Lists (ACLs) in a multi-level tree 
representation (as AAPA, Cheriton, and Buia) to have two or more of the nodes of a 
level of the tree in a directed graph representation having a common subtree pointing to 
a single copy of the common subtree and discloses a copy is made of the node, the 
field value is applied to the copied node, and the resultant updated node is added to the 
master list of the corresponding level as taught by Buia. The motivation would have 
been to optimize efficiency and productivity by creating an ACL tree representation that 
handles identical tree portions or subtrees by sharing subtrees (as seen on pg. 3 
paragraph [0025] and pg. 9 paragraph [0101] of Buia.). 

b. Per claim 2, AAPA discloses wherein the common subtree is 
implemented at least in part as a matching table (AAPA See pg. 1 paragraph [0009] 
where ACL rules are stored in table format. Also see [0003] where ACL typically 
imply an ordered matching or ordered list of AAPA.). 

c. Per claim 3, Cheriton discloses wherein the plurality of fields comprises at 
least first and second fields, the first field comprising a source address field and the 
second field comprising a destination address field (See pg. 1 paragraph [0003] where 
fields define source and destination addresses of Cheriton.). 

d. Per claim 4, Cheriton discloses wherein a final level of the tree 
representation comprises a plurality of leaf nodes, each associated with one of the 
actions of the plurality of rules (See col. 2 lines 35-42, col. 3 lines 53-63, and col. 4 
lines 5-9 of Cheriton where second level of nodes of the addresses is associated 
with routing rules.). 

e. Per claim 5, Cheriton discloses wherein the at least one level of the tree 
representation comprises a root level of the tree representation (See col. 4 lines 1-4 of 
Cheriton where tree, including roots; i.e. root level.). 

f. Per claim 6, Buia discloses wherein a second level of the tree representation 
includes a plurality of nodes, each being associated with a subtree of a given one of the 
plurality of nodes of the root level of the tree representation (See Figs. 7B and Fig. 8 
where tree representation may include plurality of root level nodes as in 7B and a 
second level with a plurality of nodes from a root level.). 

g. Per claim 7, Cheriton discloses wherein for each level of the tree 
representation that corresponds to a field of a rule of the access control list (See 
Cheriton col. 4 lines 35-41 where first and second levels corresponding to fields 
including source and destination address.), a master list of nodes is maintained, 
each node comprising at least one of information characterizing one or more field 
values associated with that node (See Cheriton col. 3 lines 53-67 where extended 
ACL List is master list.), one or more subtree pointers for that node, and a reference 
count indicating how many ancestor nodes are pointing to that node (See Cheriton col. 
3 lines 46-51 where oppointer includes pointers for a node and opcode; i.e. 
subtree pointers and a reference count.). 

h. Per claim 9, Buia discloses wherein the updated node is compared with 
other nodes of the master list and if a duplicate node is found, the copied node is 
deleted and a pointer to the duplicate node is provided to an ancestor node that points 
to the given node, a subtree pointer of the ancestor node is updated to the duplicate 
node pointer, a reference count of the duplicate node now pointed to by the ancestor 
node is incremented and a reference count of the given node previously pointed to by 
the ancestor node is decremented (See pg. 8 paragraph [0099] Buia teaches 
creating copy of node.). 

i. Per claim 10, Buia discloses the method of claim 9 wherein if a duplicate 
node is found in the master list, that duplicate node is moved to an initial position in the 
master list (See pg. 8 paragraph [0099] for copy node.). 

j. Per claim 11, Cheriton discloses wherein for each node in the 
master list (See Cheriton where master list is extended ACL list), a copy pointer is 
maintained, and wherein when a copied node is compared to the master list and a 
duplicate node is found, the copied node is added as a copy to the master list for use in 
conjunction with the processing of a subsequent rule (See AAPA for ACL rules. See 
Buia pg. 8 paragraph [0099] for copy node.). 

k. Per claim 12, Cheriton and Buia disclose wherein for each node in the 
master list (See Cheriton col. 3 lines 64-66 where extended ACL list is master list), 
a signature is maintained in order to facilitate node comparisons, a full comparison of 
node subtrees being performed only if a match is obtained between node signatures 
(See Buia Fig. 7B for common subtree node.). 

l. Per claim 13, Cheriton discloses wherein the signature for a given node 
is generated as a function of at least one of a field value and a subtree pointer (See 
Cheriton col. 3 lines 46-51 for subtree pointer; i.e. oppointer and col. 4 lines 5-10 
for field values; i.e. source and destination address.). 

m. Per claim 14, AAPA in view of Cheriton and Buia discloses wherein the 
corresponding actions include at least an accept action and a deny action (See 
rejection of claim 1 above where an accept or deny action is involved in routing 
the packets.). 



Application/Control Number: 10/723,160 Page 10 

Art Unit: 2165 

n. Per claim 15, AAPA discloses the method of claim 1 further including the 
step of storing at least a portion of the tree representation in memory circuitry 
accessible to the processor (See AAPA pg. 1 paragraph [0007] where memory is 
taught.). 

o. Per claim 16, AAPA and Cheriton disclose the method of claim 1 further 
including the step of utilizing the stored tree representation to perform an access control 
list based function in the processor (See AAPA pg. 1 paragraph [0004] for utilizing in 
the network processor, [0007] for memory, and Cheriton col. 2 lines 15-20 for 
stored tree structure.). 

p. Per claim 17, AAPA discloses the method of claim 16 wherein the access 
control list based function comprises packet filtering (See AAPA pg. 1 paragraph 
[0004] where packet filtering is taught). 

q. Per claim 18, rejection of claim 1 is incorporated. Claim 18 is rejected 
under the same rationale as claim 1. AAPA in view of Cheriton and Buia discloses an 
apparatus configured for performing one or more processing operations utilizing a 
representation of an access control list, the access control list comprising a plurality of 
rules, each of at least a subset of the rules having a plurality of fields and a 
corresponding action (See AAPA paragraph [0003] for ACL comprising rules having 
fields.), the apparatus comprising: 

a processor having memory circuitry associated therewith (See AAPA pg. 1 
paragraph [0004] for network processors and [0007] for memory circuitry.); 

the memory circuitry being configured for storing (See AAPA pg. 1 [0007] for 
memory circuitry) at least a portion of a multi-level tree representation of the access 
control list, each of one or more of the levels of the tree representation being associated 
with a corresponding one of the fields (See Cheriton col. 2 lines 35-44 for levels of 
multi-level tree representation of ACL.); 

the processor being operative to utilize the stored tree representation to perform 
an access control list based function (See AAPA pg. 1 paragraph [0004] for network 
processors in view of Cheriton col. 2 lines 35-44 for tree representation to 
perform ACL function.) 

wherein at least one level of the tree representation comprises a plurality of 
nodes (See col. 2 lines 15-18 and 35-37, and col. 4 lines 5-9 of Cheriton where M- 
trie Plus data structure is a multi-level tree.), 

Cheriton also discloses wherein for each level of the tree representation that 
corresponds to a field of a rule of the access control list (See Cheriton col. 4 lines 35- 
41 where first and second levels corresponding to fields including source and 
destination address.), a master list of nodes is maintained, each node comprising at 
least one of information characterizing one or more field values associated with that 
node (See Cheriton col. 3 lines 53-67 where extended ACL List is master list.), one 
or more subtree pointers for that node, and a reference count indicating how many 
ancestor nodes are pointing to that node (See Cheriton col. 3 lines 46-51 where 
oppointer includes pointers for a node and opcode; i.e. subtree pointers and a 
reference count.). Cheriton also discloses wherein the tree representation is generated 
by sequentially processing the rules of the access control list, the processing for a given 
rule comprising applying values of fields of the given rule to one or more existing nodes 
of the tree representation (See col.1 lines 55-59 and col. 2 lines 15-19 of Cheriton 
for access control list processing.), and wherein when a particular value of a field of 
the given rule is applied to a given node (See col. 2 lines 35-43 where sequence of 
nodes have applied source and destination address values, see col. 4 lines 5-9.). 

AAPA in view of Cheriton does not explicitly disclose that with two or more of the 
nodes of a level having a common subtree, the tree representation including only a 
single copy of that subtree; the subtree comprising at least one node that is not a leaf 
node of the tree representation; the tree representation being characterizable as a 
directed graph in which each of the two nodes having the common subtree points to the 
single copy of the common subtree and a copy is made of the node, the field value is 
applied to the copied node, and the resultant updated node is added to the master list of 
the corresponding level. 

However, Buia discloses two or more of the nodes of a level of a tree in a 
directed graph representation having a common subtree pointing to a single copy of the 
common subtree comprising at least one node that is not a leaf node of the tree (See 
Fig. 7B where two nodes 'FAULT A' and 'FAULT F' have common subtree at node 
'FAULT C' where node 'FAULT C' of the common subtree is not a leaf node and 
the subtree is the only copy in the tree representation. The tree representation is 
characterized as a directed graph.). Buia discloses a copy is made of the node, the 
field value is applied to the copied node, and the resultant updated node is added to the 
master list of the corresponding level (See pg. 8 paragraph [0099] Buia teaches 
creating copy of node.). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art of generating Access Control Lists (ACLs) in a multi-level tree 
representation (as AAPA, Cheriton, and Buia) to have two or more of the nodes of a 
level of the tree in a directed graph representation having a common subtree pointing to 
a single copy of the common subtree and discloses a copy is made of the node, the 
field value is applied to the copied node, and the resultant updated node is added to the 
master list of the corresponding level as taught by Buia. The motivation would have 
been to optimize efficiency and productivity by creating an ACL tree representation that 
handles identical tree portions or subtrees by sharing subtrees (as seen on pg. 3 
paragraph [0025] and pg. 9 paragraph [0101] of Buia.) 

r. Per claim 19, rejection of claim 18 is incorporated. AAPA discloses the 
apparatus of claim 18 wherein the memory circuitry comprises at least one of internal 
memory and external memory of the processor (See AAPA paragraph [0007] memory 
circuitry and [0004] for processor.) 

s. Per claim 20, rejection of claim 1 is incorporated. Claim 20 is rejected 
under the same rationale as claim 1. AAPA in view of Cheriton and Buia discloses an 
article of manufacture comprising a machine-readable storage medium having program 
code stored thereon, the program code generating a representation of an access control 
list, the representation being utilizable in a processor (See AAPA pg. 1 paragraph 
[0003] for ACL, [0004] for processor, and [0007] for article of manufacture 
comprising machine-readable storage medium, i.e. memory.), wherein the program 
code when executed implements the steps of: 

determining a plurality of rules of the access control list, each of at least a subset 
of the rules having a plurality of fields and a corresponding action (See AAPA page 1 
paragraph [0003] where an ACL generally comprises a set of rules, the rules 
having fields and corresponding actions.); and 

processing the rules to generate a multi-level tree representation of the access 
control list, each of one or more of the levels of the tree representation being associated 
with a corresponding one of the fields; wherein at least one level of the tree 
representation comprises a plurality of nodes (See Cheriton where col. 2 lines 15-18 
and 35-37, and col. 4 lines 5-9 where M-trie Plus data structure is a multi-level 
tree.). 

Cheriton also discloses wherein for each level of the tree representation that 
corresponds to a field of a rule of the access control list (See Cheriton col. 4 lines 35- 
41 where first and second levels corresponding to fields including source and 
destination address.), a master list of nodes is maintained, each node comprising at 
least one of information characterizing one or more field values associated with that 
node (See Cheriton col. 3 lines 53-67 where extended ACL List is master list.), one 
or more subtree pointers for that node, and a reference count indicating how many 
ancestor nodes are pointing to that node (See Cheriton col. 3 lines 46-51 where 
oppointer includes pointers for a node and opcode; i.e. subtree pointers and a 
reference count.). Cheriton also discloses wherein the tree representation is generated 
by sequentially processing the rules of the access control list, the processing for a given 
rule comprising applying values of fields of the given rule to one or more existing nodes 
of the tree representation (See col.1 lines 55-59 and col. 2 lines 15-19 of Cheriton 
for access control list processing.), and wherein when a particular value of a field of 
the given rule is applied to a given node (See col. 2 lines 35-43 where sequence of 
nodes have applied source and destination address values, see col. 4 lines 5-9.). 

AAPA in view of Cheriton does not explicitly disclose that with two or more of the 
nodes of a level having a common subtree, the tree representation including only a 
single copy of that subtree; the subtree comprising at least one node that is not a leaf 
node of the tree representation; the tree representation being characterizable as a 
directed graph in which each of the two nodes having the common subtree points to the 
single copy of the common subtree and a copy is made of the node, the field value is 
applied to the copied node, and the resultant updated node is added to the master list of 
the corresponding level. 

However, Buia discloses two or more of the nodes of a level of a tree in a 
directed graph representation having a common subtree pointing to a single copy of the 
common subtree comprising at least one node that is not a leaf node of the tree (See 
Fig. 7B where two nodes 'FAULT A' and 'FAULT F' have common subtree at node 
'FAULT C' where node 'FAULT C' of the common subtree is not a leaf node and 
the subtree is the only copy in the tree representation. The tree representation is 
characterized as a directed graph.). Buia discloses a copy is made of the node, the 
field value is applied to the copied node, and the resultant updated node is added to the 
master list of the corresponding level (See pg. 8 paragraph [0099] Buia teaches 
creating copy of node.). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art of generating Access Control Lists (ACLs) in a multi-level tree 
representation (as AAPA, Cheriton, and Buia) to have two or more of the nodes of a 
level of the tree in a directed graph representation having a common subtree pointing to 
a single copy of the common subtree and discloses a copy is made of the node, the 
field value is applied to the copied node, and the resultant updated node is added to the 
master list of the corresponding level as taught by Buia. The motivation would have 
been to optimize efficiency and productivity by creating an ACL tree representation that 
handles identical tree portions or subtrees by sharing subtrees (as seen on pg. 3 
paragraph [0025] and pg. 9 paragraph [0101] of Buia.) 
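
The node sharing discussed in the rejections of claims 1, 9, 12 and 13 above (one master list per level, a signature check before a full node comparison, reuse of a duplicate node instead of the copy, reference counts) can be illustrated with the following sketch. It is an added example, not code from the application, AAPA, Cheriton or Buia; the class and function names, the exact-value-or-wildcard field model, first-match rule order, the implicit deny and the sample rules are all assumptions made for illustration.

```python
WILDCARD = "*"   # hypothetical "match any value" marker

class AclDag:
    """Multi-level ACL tree with shared subtrees; one level per rule field."""

    def __init__(self, num_fields):
        self.num_fields = num_fields
        self.nodes = []                                   # node id -> (level, edges, default)
        # One master list per level (the last one holds action leaves):
        # signature -> ids of the nodes that have that signature.
        self.master = [{} for _ in range(num_fields + 1)]
        nid = self.intern(num_fields, {}, None)           # leaf with no action yet
        for level in reversed(range(num_fields)):
            nid = self.intern(level, {}, nid)
        self.root = nid

    def intern(self, level, edges, default):
        """Return the id of the single stored copy of this node."""
        edges = tuple(sorted((v, c) for v, c in edges.items() if c != default))
        node = (level, edges, default)
        sig = hash(node)                                  # from field values and subtree pointers
        bucket = self.master[level].setdefault(sig, [])
        for nid in bucket:                                # full compare only on a signature match
            if self.nodes[nid] == node:
                return nid                                # duplicate: drop the copy, reuse the node
        self.nodes.append(node)
        bucket.append(len(self.nodes) - 1)
        return bucket[-1]

    def _apply(self, nid, fields, action):
        level, edges, default = self.nodes[nid]
        if level == self.num_fields:                      # leaf: the earlier rule keeps priority
            return nid if default is not None else self.intern(level, {}, action)
        new_edges = dict(edges)                           # work on a copy of the node
        if fields[level] == WILDCARD:
            new_edges = {v: self._apply(c, fields, action) for v, c in edges}
            default = self._apply(default, fields, action)
        else:
            child = new_edges.get(fields[level], default)
            new_edges[fields[level]] = self._apply(child, fields, action)
        return self.intern(level, new_edges, default)

    def add_rule(self, fields, action):
        self.root = self._apply(self.root, fields, action)

    def child(self, nid, value):
        _, edges, default = self.nodes[nid]
        return dict(edges).get(value, default)

    def lookup(self, packet):
        nid = self.root
        for value in packet:
            nid = self.child(nid, value)
        return self.nodes[nid][2] or "deny"               # assumption: implicit deny

    def refcounts(self):
        """Parent-pointer count for every node reachable from the root."""
        counts, stack, seen = {}, [self.root], {self.root}
        while stack:
            level, edges, default = self.nodes[stack.pop()]
            if level == self.num_fields:
                continue
            for c in [c for _, c in edges] + [default]:
                counts[c] = counts.get(c, 0) + 1
                if c not in seen:
                    seen.add(c)
                    stack.append(c)
        return counts

def build_demo():
    # Constructed sample rules: (source address, destination address) -> action
    acl = AclDag(num_fields=2)
    acl.add_rule(("10.0.0.1", "192.168.0.5"), "accept")
    acl.add_rule(("10.0.0.2", "192.168.0.5"), "accept")
    acl.add_rule((WILDCARD, WILDCARD), "deny")
    return acl
```

In the demo, both source addresses end up pointing at the same destination-level node, which is a non-leaf subtree stored once with a reference count of 2.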

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 